Security and Privacy Flashcards

1
Q

What are some common hardware security breaches?

A

Authentication spoofing, side-channel attacks and memory-level attacks.

2
Q

What are some common Cloud, Fog and Edge security breaches?

A

Denial of Service, side-channel attacks and eavesdropping.

3
Q

What can cause poor software security?

A

Poor input validation, weak (or no) encryption, hardcoded information, no penetration testing or fuzzing.

4
Q

What is the CIA triad?

A

The CIA triad refers to Confidentiality, Integrity and Availability, three of the cornerstones of security. Each breach on a system violates one or more of these sectors.

5
Q

What is the difference between a threat and an attack?

A

A threat is an actor with the capability to exploit vulnerabilities in the system, while an attack is a threat being carried out on the system - the implementation, if you will.

6
Q

What is the difference between a risk and a vulnerability?

A

A vulnerability is a flaw or weakness in a system’s design that could be exploited, while a risk is the expectation of loss associated with that vulnerability, or a threat leveraging that vulnerability.

7
Q

What is meant by an interception attack?

A

Any situation where an actor can access private or confidential information with no legitimate authorisation.

8
Q

What is meant by a modification attack?

A

Any situation where an attacker intercepts communication between sender and receiver without their knowledge and tampers with the information. It is important that it is without their knowledge.

9
Q

What is meant by a fabrication attack?

A

Any situation where an attacker injects false data or creates a false trail in the system.

10
Q

What is meant by an interruption attack?

A

Any situation where an attacker causes information to become unavailable or unusable for the receiver on either a temporary or permanent basis.

11
Q

What is meant by a side-channel attack?

A

Any situation where an attacker uses unintended information from physical and logical parameters of a main computation function to gain access or information.

12
Q

What is meant by a covert-channel attack?

A

Any situation where an attacker creates a pipeline to transfer data between two processes that are not supposed to be allowed to communicate with each other.

13
Q

What is one attack you can perform on a memory-based channel?

A

A side-channel analysis. Some software’s access to key-dependent memory may cause extra computation to decrypt or encrypt the keys, allowing attackers to predict the keys’ contents.

14
Q

What are three features that get exploited by cache SCAs?

A

Cache access latency due to computation, memory-to-cache mapping to derive main memory access behaviour, and cache conflicts to capture the cache accesses by a victim.

15
Q

What is a side-channel attack that exploits memory-to-cache mapping?

A

One side-channel attack may be done by loading data into a single set of a set-associative cache until data has to be popped off, allowing the attacker to know the size and contents of that cache.
